COMMUNICATION METHOD AND DEVICE

TECHNICAL FIELD

The present invention relates to methods and arrangements for secure communication between digital devices. In particular, the invention relates to user authentication in digital communication systems.

BACKGROUND 

The need for secure electronic transactions involving a user and a transaction system, such as an Internet based shopping site or an automatic teller machine (ATM) at a bank, has increased dramatically during recent years. A major question relating to secure transactions is that of authentication of the user to the system. That is, how to identify a user as being the owner of, e.g., a bank account from which the user is to withdraw money when using an ATM.

A well-established method of authenticating users in such systems is that of providing the user with an electronically readable device containing information about the user and his account. Such cards are common and contain magnetically stored information. In order to allow the user to use his card in an ATM, the issuer (e.g. the bank) has provided the user with a secret code to be supplied to the ATM when using the card. The code is used to "unlock" the card for use by the user every time the user makes use of his card.

A drawback of such a method is that one and the same code is used every time a user authenticates with a system. This increases the risk of unauthorized use of the card if the user loses the card.

An obvious way of avoiding this is to provide systems in which a secret code is used only once, that is, for every transaction the user makes use of a new code. However, this leads to the problem of providing the user with a long list of one-time codes, as well as storing the same list of codes in the system with which the user is to authenticate. Needless to say, such solutions are far from simple to administer, since they call for large storage areas in the authentication system, and they are insecure because the user holds a list of codes to be used in the future.

A problem to solve, in the field of user authentication, is hence how to provide users and authentication and transaction managers with a more flexible solution which also increases security when making transactions in digital communication networks.

SUMMARY OF THE INVENTION

An object of the present invention is to solve the problem as stated above. To that end, methods and arrangements are provided as stated in the appended claims.

In short, an authentication arrangement, such as a personal smart card or IC-card comprising processing means, memory means and communication means, is used together with a reader capable of reading out information from the authentication arrangement. The authentication arrangement generates, e.g. as a response to a signal from the reader, a one-time identification code that is used by the user to authenticate himself when making transactions via a digital network. A typical example of such a transaction is the use of an ATM when withdrawing money from a bank account.

In some more detail, the invention can be seen in different aspects. A first aspect is seen from the point of view of the user possessing a smart card. A second aspect is seen from the point of view of a transaction manager or authentication manager, in the form of one or more computers in a system or network, at a bank for example, communicating with the user when he/she is performing the transactions. Both of these aspects of the invention will be summarized below.

A method and a system for user authentication in a digital communication system are provided. The communication system comprises a transaction manager and an authentication manager, both of which may be separate functional units in one computer or functional units in different computers.

The user possesses an authentication arrangement, such as a smart card, which is identified by an authentication arrangement identification number. Personalizing information is supplied to the authentication arrangement, preferably by a supplier who is closely related to the authentication manager and/or the transaction manager. The personalizing information associates the authentication arrangement held by the user with the transaction manager. Advantageously, there may be a number of different sets of personalizing information, supplied by a number of different authentication or transaction managers. Such a case enables a user to use one and the same authentication arrangement when making transactions with different transaction managers.

For each transaction the user performs which requires authentication, the system, in the form of an authentication manager, receives at least one substantially non-recurring identification code. The identification code has been generated by the user authentication arrangement and is dependent on the personalizing information. Hence the identification code acts as a unique, one-time signature that identifies the user as being the authorized one.

The reception of the code may take place by means of a direct communication channel between the authentication manager and the authentication arrangement. A typical example of such a case is when the authentication arrangement, e.g. a smart card, is used in connection with an ATM: the smart card is inserted by the user, whereupon the smart card calculates and submits the identification code to, e.g., the bank. The reception of the identification code may also take place in connection with a transaction where the user himself submits the identification code when communicating with, e.g., a web-based shop. A transaction taking place in such a case may involve the user using a separate portable card reader comprising a display on which the identification code is displayed after having been calculated by the smart card hardware.

When receiving the identification code from the user, the authentication manager also computes a substantially non-recurring code. This code is a verification code, which is also dependent on the personalizing information previously supplied to the authentication arrangement.

The authentication manager then performs a process of verifying that the received identification code is equal to the calculated verification code. This may simply be performed as a comparison between the two codes. In case the codes match, the user is authenticated and should be allowed to perform the transaction with the system.

Preferably, during a transaction between the user authentication arrangement and the authentication system, the authentication system obtains information regarding the identity of the authentication arrangement, i.e. the identification number, together with a transaction sequence number. The identification number may be transmitted from the user authentication arrangement during the transaction. However, the sequence number need not be transmitted during the transaction. Preferably, a current sequence number which is associated with the particular user authentication arrangement making the transaction may be kept at the authentication system and need not be transmitted from the user authentication arrangement.

These two numbers are encrypted by the smart card using two encryption keys contained in the personalizing information previously supplied by the authentication arrangement, e.g. when the user registers himself as a customer and obtains his smart card from a party who controls the authentication or transaction system, thus generating a substantially non-recurring identification code.

Since the transaction sequence number is calculated independently by the user authentication arrangement and the authentication system, these two numbers may become unsynchronized. In such a case the authentication system may calculate a value for the verification code which is erroneous. Instead of concluding that the user is unauthorized, the authentication system may attempt to adjust the transaction sequence number and calculate a new verification code to be compared with the received identification code. This adjustment may take place an arbitrary number of times.

A preferred embodiment of the invention is in the form of a personal smart card, as claimed below. The smart card may be used together with a portable card reader, as will be discussed below.

With respect to all aspects of the invention, computer software implementation is obviously preferred. The software of the authentication and transaction managers may be present in more or less traditional computers, and the software of the user authentication arrangement may be within smart cards or other portable units having processing and storage means. To that end, inventive subjects in the form of computer programs are also to be found among the claims.

WO 02/01325 PCT/SE01/01369

There are a number of advantages of the present invention, including the fact that the secret keys are kept inside the authentication arrangement, thus increasing the security.

Another advantage is that it is possible for a user to use different readers with his/her smart card, thus making it flexible in terms of use in different locations. Conversely, several users can use one and the same reader, each user having his/her own personal smart card. Also, a user may have multiple sets of personalizing information, all of which are associated with, and preferably also obtained from, different transaction or authentication managers belonging to, e.g., different banks.

Yet another advantage is the minimal amount of data which has to be kept at the authentication manager computer site. For example, no large table of sequences of identification codes, which may occupy large storage areas, is needed.

BRIEF DESCRIPTION OF THE DRAWINGS

Figure 1 illustrates schematically a system according to the present invention.

Figure 2 illustrates schematically a personalizing procedure according to the present invention.

Figure 3 illustrates schematically a procedure for identification code generation according to the present invention.

Figure 4 illustrates schematically a verification procedure according to the present invention.

PREFERRED EMBODIMENTS

In figure 1 a user authentication arrangement in the form of a smart card 103, or integrated circuit card (ICC), and a portable card reader 104 act together to provide a user with a one-time identification code. The card 103 comprises smart card hardware 105 as known in the art, which connects electrically via a slot 103 in the reader 104. A push button 109 on the reader 104 initiates software in the card 103 to calculate the identification code and transfer it to the reader 104, which in turn displays the code in the form of a four-digit number 100 on a display 107. Obviously, any number of digits or other characters may be generated. That is, the invention is not restricted to "traditional" four-digit identification codes.

A system 102 with which the user or the smart card communicates comprises a computer 114 and an automatic teller machine 113 (ATM). These two units are connected via a computer network 112 to a transaction manager 110 and an authentication manager 111, both of which may be physically separated or, as indicated by a dashed line 115, joined in one and the same physical unit, as the skilled person realizes.

With reference to the system 102 in figure 1 and the schematic flow diagrams in figures 2 to 4, a preferred embodiment of the invention will now be described.

The user holding the card, or rather the smart card itself, is in figure 2 associated with a transaction manager or authentication manager. The association may simply mean establishing a business relation, such as the user obtaining a banking card from a bank. Figure 2 specifically illustrates the steps of personalizing the card before it is to be used to authenticate the user in a transaction. A unique identification number 201, e.g. a card number comprising a number of digits, is subject to encryption algorithms 204 and 206 using derivation keys 203 and 205 respectively. Two different encryption keys 207 and 209 are generated. These encryption keys are in turn encrypted in steps 212 and 214 using keys 211 and 213 respectively, for the purpose of enabling a secure transport to a functional unit 215 (personalizing unit 215), which may be located at a site different from where the above steps are performed. The personalizing unit 215 decrypts in steps 213 and 219 the transported encryption keys 207 and 203, by using transport decryption keys 215 and 217 respectively, and stores them in the smart card 200 by way of a writing step (not shown). The card 200 is by this process personalized. That is, an association is made between the user and the transaction or authentication manager which performed the personalizing process.

When the user is to perform a transaction with a transaction manager, he must supply an identification code together with, as is known in the art, other information relating to the transaction. Referring to figure 3, the identification number 301 of the smart card and a transaction sequence number 303 are encrypted in steps 306 and 308. An XOR operation between the sequence number and the identification number 301 is performed in order to introduce a non-static, dynamic property into the encryption step 308. The encryption 306, 308 is performed using the encryption keys 305 and 307 stored in the card by the personalizing process described above in connection with figure 2. The outputs of the encrypting steps 306, 308 are combined in a logical XOR step 311 in order to ensure that the generated identification code is made dependent on both encryption steps 306 and 308. The resulting bit sequence is converted into a decimal number, such as a four-digit number, in step 313 and supplied in step 315. The identification code may be supplied by presenting it on the display 107 of the card reader 104. The identification code may also be directly supplied via, e.g., the ATM to the transaction manager. The sequence number is incremented and stored for use in further transactions.

Referring now to figure 4, from the point of view of the authentication manager, the received identification code 401 is compared in a comparison step 411 with a calculated verification code generated in a verification code generation step 409. The verification code is calculated in steps 403 and 409 using derivation keys 402 and the identification number 404 of the smart card, in the same way as the identification code was calculated in the processing means of the smart card, as described above in connection with figure 3. The identification number of the smart card is preferably also received together with the identification code. However, the number of the card may be "indirectly" received by means of a pointer to a database of card numbers at the authentication manager. The verification code and the received identification code are compared in step 411. If they are equal, the user is considered authenticated and allowed to proceed with the transaction, as indicated by step 414. If the verification code and the received identification code differ, the situation may be that an identification code has been supplied which has not been generated by a personalized smart card, in which case the transaction is not to be allowed. However, the comparison may also result in an inequality if the transaction sequence numbers that have been used to generate the identification code and the verification code, in the smart card and the authentication manager respectively, are different. This may occur if there have been interrupted transactions where the sequence number of the smart card has been incremented without the identification code being received by the authentication manager. In such a situation, the sequence number may be adjusted in an adjustment step 417 and a new verification code may be calculated. This adjustment and re-calculation may be performed an arbitrary number of times, as indicated by a decision step 413 where it is decided whether or not a re-calculation based on a different sequence number should be allowed. Final step 415 then indicates that the user is not authenticated to the system.
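The personalizing step of figure 2, the code generation of figure 3 and the verification with sequence-number adjustment of figure 4, carried through end to end as an added example (not code from the patent). The patent does not name its encryption algorithm, so HMAC-SHA256 stands in here for every keyed "encryption" step; the key, card-number and window values are constructed sample values, and the counter window is the bound that decision step 413 places on the number of adjustments.

```python
import hmac
import hashlib
from dataclasses import dataclass, field

CODE_DIGITS = 4  # the patent's example shows a four-digit code; any length works


def keyed_encrypt(key: bytes, data: bytes) -> bytes:
    # Assumption: the unnamed encryption steps are modelled by HMAC-SHA256 as a keyed one-way function.
    return hmac.new(key, data, hashlib.sha256).digest()


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def personalize(card_id: bytes, derivation_key_1: bytes, derivation_key_2: bytes):
    """Figure 2: derive the two card keys (207, 209) from the card number with derivation keys 203, 205.
    Only the issuer holds the derivation keys; the card only ever stores its two derived keys."""
    return keyed_encrypt(derivation_key_1, card_id), keyed_encrypt(derivation_key_2, card_id)


def identification_code(card_id: bytes, key_1: bytes, key_2: bytes, seq: int) -> str:
    """Figure 3: one-time code from the card number, the sequence number and the two card keys."""
    part_1 = keyed_encrypt(key_1, card_id)                       # step 306 with key 305
    seq_bytes = seq.to_bytes(len(card_id), "big")
    part_2 = keyed_encrypt(key_2, xor_bytes(card_id, seq_bytes))  # step 308: XOR makes it non-static
    combined = xor_bytes(part_1, part_2)                         # step 311: depends on both steps
    # step 313: reduce the bit sequence to a zero-padded decimal code
    return str(int.from_bytes(combined, "big") % 10**CODE_DIGITS).zfill(CODE_DIGITS)


@dataclass
class SmartCard:
    card_id: bytes
    key_1: bytes
    key_2: bytes
    seq: int = 0  # transaction sequence number kept on the card

    def press_button(self) -> str:
        # step 315: supply the code (to the reader display or the ATM), then advance the counter
        code = identification_code(self.card_id, self.key_1, self.key_2, self.seq)
        self.seq += 1
        return code


@dataclass
class AuthenticationManager:
    derivation_key_1: bytes
    derivation_key_2: bytes
    window: int = 5  # how many adjustments (step 417) decision step 413 permits
    counters: dict = field(default_factory=dict)  # per-card sequence number kept here, never transmitted

    def verify(self, card_id: bytes, received_code: str) -> bool:
        """Figure 4: recompute the verification code (steps 403/409) and compare (step 411)."""
        key_1, key_2 = personalize(card_id, self.derivation_key_1, self.derivation_key_2)
        expected_seq = self.counters.get(card_id, 0)
        for offset in range(self.window + 1):
            candidate_seq = expected_seq + offset
            verification_code = identification_code(card_id, key_1, key_2, candidate_seq)
            if hmac.compare_digest(verification_code, received_code):
                # step 414: authenticated; move the counter past the used code so it cannot be reused
                self.counters[card_id] = candidate_seq + 1
                return True
        return False  # step 415: nothing within the window matched


def run_scenario() -> dict:
    # Constructed sample values, not taken from the patent.
    dk_1, dk_2 = b"issuer-derivation-key-1", b"issuer-derivation-key-2"
    card_id = b"4000123456789010"
    card = SmartCard(card_id, *personalize(card_id, dk_1, dk_2))
    manager = AuthenticationManager(dk_1, dk_2)
    first_code = card.press_button()
    in_sync = manager.verify(card_id, first_code)
    card.press_button()  # two interrupted transactions: these codes never reach the bank
    card.press_button()
    after_drift = manager.verify(card_id, card.press_button())  # drift of 2, inside the window
    counter_resynced = manager.counters[card_id] == card.seq
    replayed = manager.verify(card_id, first_code)  # old code: counter has moved past it
    for _ in range(manager.window + 1):
        card.press_button()  # more interruptions than the window allows
    beyond_window = manager.verify(card_id, card.press_button())
    return {"in_sync": in_sync, "after_drift": after_drift, "counter_resynced": counter_resynced,
            "replayed": replayed, "beyond_window": beyond_window}


if __name__ == "__main__":
    print(run_scenario())
```

A drift larger than the window is reported as not authenticated exactly as step 415 does; an issuer would then resynchronize the card out of band rather than widen the window indefinitely.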
CLAIMS

1. A method for authenticating a user in a digital communication system (102), the communication system (102) comprising a transaction manager (110,111) and an authentication manager (110,111), the user possessing an authentication arrangement (101) being identified by an authentication arrangement identification number, comprising:

- supplying personalizing information to the authentication arrangement (101), said personalizing information associating the authentication arrangement (101) with the at least one transaction manager (110,111),

- receiving, for each transaction of a plurality of transactions requiring authentication of the user between the user and the at least one transaction manager (110,111), at least one substantially non-recurring identification code (100), the identification code being dependent on the personalizing information,

- calculating, for each transaction of a plurality of transactions requiring authentication of the user between the user and the at least one transaction manager (110,111), at least one substantially non-recurring verification code, the identification code being dependent on the personalizing information supplied to the authentication arrangement (101),

- verifying, for each transaction of a plurality of transactions requiring authentication of the user between the user and the at least one transaction manager (110,111), comprising a comparison between the received identification code (100) and the calculated verification code, thereby authenticating the user to the system (102).

2. A method according to claim 1, where receiving the identification code comprises receiving the authentication arrangement identification number and a transaction sequence number in encrypted form.

3. A method according to claim 1 or 2, where supplying personalizing information comprises supplying at least a first key and a second key.

4. A method according to claim 3, where receiving the identification code comprises receiving the authentication arrangement identification number encrypted by the first key and receiving the transaction sequence number encrypted by the second key.

5. A method according to claim 2, where the steps of calculating and verifying comprise adjusting the transaction sequence number.

6. A method according to claim 5, where the adjusting comprises at least one of adding to and subtracting from the transaction sequence number.

7. An authentication system (115) for authenticating a user in a digital communication system (102), the communication system (102) comprising a transaction manager (110,111) and an authentication manager (110,111), the user possessing an authentication arrangement (101) being identified by an authentication arrangement identification number, comprising:

- means for supplying personalizing information to the authentication arrangement (101), said personalizing information associating the authentication arrangement (101) with the transaction manager (110,111),

- means for receiving, for each transaction of a plurality of transactions requiring authentication of the user between the user and the transaction manager (110,111), at least one substantially non-recurring identification code (100), the identification code being dependent on the personalizing information,

- means for calculating, for each transaction of a plurality of transactions requiring authentication of the user between the user and the transaction manager (110,111), at least one substantially non-recurring verification code, the verification code being dependent on the personalizing information supplied to the authentication arrangement (101),

- means for verifying, for each transaction of a plurality of transactions requiring authentication of the user between the user and the transaction manager (110,111), comprising means for comparing the received identification code (100) and the calculated verification code, thereby authenticating the user to the transaction manager (110,111).

8. An arrangement according to claim 7, where the means for receiving the identification code comprises means for receiving the authentication arrangement identification number and a transaction sequence number in encrypted form.

9. An arrangement according to claim 7 or 8, where the means for supplying personalizing information comprises means for supplying at least a first key and a second key.

10. An arrangement according to claim 9, where the means for receiving the identification code comprises means for receiving the authentication arrangement identification number encrypted by the first key and means for receiving the transaction sequence number encrypted by the second key.

11. An arrangement according to claim 8, where the means for calculating and verifying comprises means for adjusting the transaction sequence number.

12. An arrangement according to claim 11, where the adjusting comprises at least one of means for adding to and means for subtracting from the transaction sequence number.

13. A method for enabling user authentication in a digital communication system (102), the communication system (102) comprising a transaction manager (110,111) and an authentication manager (110,111), the user possessing an authentication arrangement (101), the authentication arrangement (101) being identified by an authentication arrangement identification number, comprising:

- receiving personalizing information in the authentication arrangement (101) from the authentication manager (110,111), said personalizing information associating the authentication arrangement (101) with the transaction manager (110,111),

- calculating, for each transaction of a plurality of transactions requiring authentication of the user between the user and the transaction manager (110,111), at least one substantially non-recurring identification code (100), the identification code being dependent on the personalizing information,

- supplying the at least one identification code (100) to the user, thereby enabling user authentication with the transaction manager (110,111), or supplying the at least one identification code (100) to the authentication manager (110,111), thereby enabling user authentication with the transaction manager (110,111).

14. A method according to claim 13, where calculating the identification code comprises encrypting the authentication arrangement identification number and a transaction sequence number.

15. A method according to claim 13 or 14, where receiving personalizing information in the authentication arrangement (101) comprises receiving at least a first key and a second key.

16. A method according to claim 15, where calculating the identification code comprises encrypting the authentication arrangement identification number using the first key and encrypting the transaction sequence number using the second key.


17. A method according to any one of claims 13-15, further comprising:

- enabling the authentication arrangement (101) by receiving and processing an unlocking code.

18. An authentication arrangement (101) for authenticating a user in a digital communication system (102), the authentication arrangement (101) being identified by an authentication arrangement identification number and the communication system (102) comprising a transaction manager (110,111) and an authentication manager (110,111), comprising:

- means for receiving personalizing information from the authentication manager (110,111), said personalizing information associating the authentication arrangement (101) with the transaction manager (110,111),

- means for calculating, for each transaction of a plurality of transactions requiring authentication of the user between the user and the transaction manager (110,111), at least one substantially non-recurring identification code (100), the identification code being dependent on the personalizing information,

- means for supplying the at least one identification code (100) to the user, thereby enabling user authentication with the transaction manager (110,111), or means for supplying the at least one identification code (100) to the authentication manager (110,111), thereby enabling user authentication with the transaction manager (110,111).

19. An arrangement according to claim 18, where the means for calculating the identification code comprises means for encrypting the authentication arrangement identification number and a transaction sequence number.

20. An arrangement according to claim 18 or 19, where the means for receiving personalizing information in the authentication arrangement (101) comprises means for receiving at least a first key and a second key.
21. An arrangement according to claim 20, where the means for calculating the identification code comprises means for encrypting the authentication arrangement identification number using the first key and means for encrypting the transaction sequence number using the second key.

22. An arrangement according to any one of claims 18-21, further comprising:

- means for enabling the authentication arrangement (101) comprising means for receiving and processing an unlocking code.

23. An arrangement according to any one of claims 13-22, further comprising:

- means for controlling a plurality of different sets of personalizing information, said sets being associated with at least a respective transaction manager (110,111).

24. An arrangement according to any one of claims 18-23, comprising means for communicating with a reader arrangement (104).

25. A computer program, comprising software instructions performing a method according to any of claims 1-9.

26. A computer program, comprising software instructions performing a method according to any of claims 13-17.

27. A smart-card (103) for authenticating a user in a digital communication system (102), the smart-card (103) being identified by a smart-card identification number and the communication system (102) comprising a transaction manager (110,111) and an authentication manager (110,111), comprising:

- means for receiving personalizing information from the authentication manager (110,111), said personalizing information associating the smart-card (103) with the transaction manager (110,111),

- means for calculating, for each transaction of a plurality of transactions requiring authentication of the user between the user and the transaction manager (110,111), at least one substantially non-recurring identification code (100), the identification code being dependent on the personalizing information,

- means for supplying the at least one identification code (100) to the authentication manager (110,111), thereby authenticating the user to the transaction manager (110,111).

28. A smart-card according to claim 27, comprising means for communicating with a card reader (104).

29. A smart-card reader comprising means for communicating with a smart-card according to any one of claims 27-28.